CVE-2005-3627

Priority
Description
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml,
poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify
memory and possibly execute arbitrary code via a DCTDecode stream with (1)
a large "number of components" value that is not checked by
DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large
"Huffman table index" value that is not checked by
DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps
value by DCTStream::readScanInfo.
Package
Upstream:needs-triage
Package
Source: gpdf (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-01-14 21:37:36 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)